lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20221007104120.75208-1-acherniakov@astralinux.ru>
Date:   Fri,  7 Oct 2022 13:41:19 +0300
From:   Andrew Chernyakov <acherniakov@...ralinux.ru>
To:     acherniakov@...ralinux.ru, stable@...r.kernel.org,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Andy Gross <agross@...nel.org>,
        Bjorn Andersson <andersson@...nel.org>,
        Konrad Dybcio <konrad.dybcio@...ainline.org>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        linux-arm-msm@...r.kernel.org, linux-remoteproc@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
        lvc-project@...uxtesting.org
Subject: [PATCH 5.10 0/1] Backport of rpmsg: qcom: glink: replace strncpy() with  strscpy_pad()

With static analisys tools we found that strncpy() is used in rpmsg. This
function is not safe and can lead to buffer overflow. This patchset
replaces strncpy() with strscpy_pad().

This patchset backports the following commit from v5.16:
commit 766279a8f85d ("rpmsg: qcom: glink: replace strncpy() with strscpy_pad()")

Link: https://lore.kernel.org/all/20220519073330.7187-1-krzysztof.kozlowski@linaro.org/

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ